CVE-2009-0758

Published: 03/03/2009 Updated: 12/08/2010
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote malicious users to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
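
The byte-order mistake described in the summary, shown as an added illustration that is not Avahi's source code. The function names and the sample port are hypothetical, and it is assumed (from the function's name) that the check compares a packet's source port with the port of the daemon's own legacy unicast socket.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: builds the address getsockname() would report for a
 * local socket bound to host_port. sin_port is held in network byte order. */
static struct sockaddr_in local_sockaddr(uint16_t host_port) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(host_port);
    return sa;
}

/* Flawed check: compares the raw network-order field with a host-order port.
 * On little-endian hosts it fails to recognise the daemon's own socket unless
 * both bytes of the port happen to be equal. */
static int is_own_socket_naive(const struct sockaddr_in *local, uint16_t src_port) {
    return local->sin_port == src_port;
}

/* Corrected check: convert the stored port to host order before comparing. */
static int is_own_socket_fixed(const struct sockaddr_in *local, uint16_t src_port) {
    return ntohs(local->sin_port) == src_port;
}

int main(void) {
    const uint16_t port = 40001; /* constructed sample port, host byte order */
    struct sockaddr_in sa = local_sockaddr(port);

    printf("port %u: naive=%d fixed=%d\n", (unsigned)port,
           is_own_socket_naive(&sa, port), is_own_socket_fixed(&sa, port));
    return 0;
}
```

When the naive check returns 0 for the daemon's own socket, locally originated packets are not recognised as such, which is the condition the summary ties to the multicast packet storm.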

Vulnerable Product

avahi avahi-daemon 0.6.23

Vendor Advisories

Debian Bug report logs - #517683 avahi-daemon: reflector creates packet storm on legacy unicast traffic. Package: avahi-daemon; Maintainer for avahi-daemon is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for avahi-daemon is src:avahi. Reported by: Rob Leslie <rob@mar ...
It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only affected Ubuntu 8.04 LTS and 9.04. (CVE-2009-0758) ...